According to independent researcher Rajshekhar Rajaharia, the personal data of millions of Mobikwik users has been leaked online. The leak was first reported by the TechNadu website, and the private information of 3.5 million users has appeared for sale on the dark web. Mobikwik has denied the claims.
French ethical hacker and security researcher Robert Baptiste, who goes by the name Elliot Alderson on Twitter, also highlighted the alleged data breach.
Baptiste said in a tweet that it is “probably the largest KYC data leak in history”.
Mobikwik data leak: Here’s what happened
As per the report, the breached data includes 36,099,759 files that comprise 8.2 terabytes of data. The data is said to be offered for sale at 1.5 bitcoins (or $84,000).
Indian payment systems giant “Mobikwik” allegedly suffered what may be considered the largest KYC data leak in history.
— Alon Gal (Under the Breach) (@UnderTheBreach) March 28, 2021
The report further revealed that the breached data includes details such as email addresses, phone numbers, bank account and card details.
Check out the list of documents available on the dark web for sale:
– Total 350GB MySQL dumps – > 500 databases
– 99 million — email ID, phone, passwords, addresses, apps installed, phone manufacturer, IP address, and GPS location
– 40 million — 10 digit card, month, year, card hash
– ~7.5 TB of ~3 million Merchant KYC data – passports, Aadhaar cards, PAN cards, selfies, store picture proof, and more used to get loans on the mobile phone-based payment system.
A note to our users. pic.twitter.com/J3WRM0Ko8v
— Bipin Preet Singh (@BipinSingh) March 30, 2021
Mobikwik denies data breach claims
The company has denied these claims. Mobikwik in an official statement to BGR India stated, “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.”